<?php
require_once '../../a_config.php';
require_once "{$A_CONFIG['api_include']}";
require_once '../../api_header.php';
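// Admin password-change endpoint.
//
// Inputs (POST): token, time, username, oldPassword, newPassword.
// Outputs: $err (0 on success, negative on failure) and $msg, consumed by the
// response code at the end of this file; $sql keeps the last statement built.
//
// NOTE(review): this script relies on the ext/mysql API (mysql_query etc.),
// which was removed in PHP 7 and has no prepared statements. Escaping with
// mysql_real_escape_string() is the only injection defence available here;
// moving to PDO/mysqli with bound parameters needs connect_to_db() to change.
$conn = connect_to_db();
$msg = "";
$condition = array();

// Every parameter must be a non-empty string. is_string() rejects array-valued
// parameters, which would otherwise reach md5() and the escaping calls.
$hasAllFields = true;
foreach (array('token', 'time', 'oldPassword', 'newPassword', 'username') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field]) || empty($_POST[$field])) {
        $hasAllFields = false;
        break;
    }
}

if (!$hasAllFields) {
    $err = -5;
    $msg = "参数错误";
} else {
    // Request token: md5(api_key . time).
    // NOTE(review): 'time' is never compared with the server clock and the
    // token does not cover username or the passwords, so a recorded
    // (time, token) pair stays valid for any later request. A freshness window
    // and an HMAC over the whole request would close that; not changed here
    // because the clients' clock units and tolerance are not visible.
    $expectedToken = md5($A_CONFIG['api_key'] . $_POST['time']);

    // Strict, constant-time comparison. Loose `==` compares numeric-looking
    // strings as numbers, so two different digests could be treated as equal.
    // hash_equals() needs PHP >= 5.6; fall back to `===` on older runtimes.
    $tokenOk = function_exists('hash_equals')
        ? hash_equals($expectedToken, $_POST['token'])
        : $expectedToken === $_POST['token'];

    if (!$tokenOk) {
        $err = -4;
        $msg = "非法请求";
    } else {
        $s_db_name = $A_CONFIG['project_pre'] . '_backstage_admin_list';

        // Escape against the connection actually used for the queries, so the
        // escaping follows that link's character set.
        $username = mysql_real_escape_string($_POST["username"], $conn);
        $newPassword = mysql_real_escape_string($_POST["newPassword"], $conn);

        $sql1 = "SELECT password FROM {$s_db_name} WHERE username='$username' limit 1";
        $res1 = mysql_query($sql1, $conn);

        if (!is_resource($res1)) {
            $err = -4;
            $msg = "数据处理出错";
        } else {
            $row1 = mysql_fetch_array($res1, MYSQL_ASSOC);
            // No row (unknown username) or a NULL column counts as a mismatch,
            // which keeps the reply identical to a wrong-password reply.
            $database_passwd = (is_array($row1) && isset($row1["password"]))
                ? (string)$row1["password"]
                : null;

            // Compare the stored value with the RAW submitted password. The
            // SQL-escaped form differs from what MySQL stores as soon as the
            // password contains a quote or backslash, so comparing the escaped
            // form made such passwords impossible to change.
            //
            // NOTE(review): passwords are stored and compared in clear text.
            // Migrating to password_hash()/password_verify() needs the login
            // code and existing rows to change together, so it is flagged here
            // rather than changed.
            $passwordOk = false;
            if ($database_passwd !== null) {
                $passwordOk = function_exists('hash_equals')
                    ? hash_equals($database_passwd, $_POST["oldPassword"])
                    : $database_passwd === $_POST["oldPassword"];
            }

            if (!$passwordOk) {
                $err = -3;
                $msg = "原密码错误，请重试";
            } else {
                // Existence re-check kept from the original flow; a failed
                // query here is reported as -3.
                $where = "where username='$username' limit 1";
                $sql = "SELECT id FROM {$s_db_name} $where";
                $res = mysql_query($sql, $conn);

                if (!is_resource($res)) {
                    $err = -3;
                    $msg = "数据处理出错";
                } else {
                    // From here on $sql contains the new password in clear
                    // text; the debug branch at the end of this file returns
                    // $sql to the caller.
                    $sql = "UPDATE {$s_db_name} SET password='$newPassword',update_time= now() WHERE username ='$username' ";
                    $res = mysql_query($sql, $conn);
                    if ($res) {
                        $msg = "修改成功";
                        $err = 0;
                    } else {
                        $err = -2;
                        $msg = "数据处理失败，请重试";
                    }
                }
            }
        }
    }
}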
//    if ($token == $_POST["token"]) {
//        $oldPassword = mysql_real_escape_string($_POST["oldPassword"]);
//        $newPassword = mysql_real_escape_string($_POST["newPassword"]);
//        $username = mysql_real_escape_string($_POST["username"]);
//        $sql1 = "SELECT `password` FROM `{$A_CONFIG['project_pre']}_backstage_admin_list` WHERE username='$username' limit 1";
//        $res1 = mysql_query($sql1, $conn);
//        if (is_resource($res1)) {
//            $row1 = mysql_fetch_array($res1, MYSQL_ASSOC);
//            $database_passwd = $row1["password"];
//            if ($oldPassword == $database_passwd) {
//                $where = "where username='$username' limit 1";
//                $s_db_name = $A_CONFIG['project_pre'] . '_backstage_admin_list';
//                $sql = "SELECT id FROM {$s_db_name} $where";
//                $res = mysql_query($sql, $conn);
//                if (is_resource($res)) {
//                    $sql = "UPDATE {$s_db_name} SET password='$newPassword',update_time= now() WHERE username ='$username' ";
//                    $res = mysql_query($sql, $conn);
//                    if ($res) {
//                        $msg = "修改成功";
//                        $err = 0;
//                    } else {
//                        $err = -2;
//                        $msg = "数据处理失败，请重试";
//                    }
//                }
//            } else {
//                $err = -3;
//                $msg = "原密码错误，请重试";
//            }
//        }
//    } else {
//        $err = -4;
//        $msg = "非法请求";
//    }
//} else {
//    $err = -5;
//    $msg = "参数错误";
//}
// Assemble the reply from the globals set by the request handling above:
// always err and msg, plus the last SQL statement when is_debug is on.
// NOTE(review): on the success path $sql is the UPDATE that embeds the new
// password, so with is_debug enabled the password is returned in the response
// body. Keep is_debug off outside development, or redact $sql before sending.
$resArr = $A_CONFIG['is_debug']
    ? compact("err", "msg", 'sql')
    : compact("err", "msg");

// Discard anything already sitting in the output buffer so that only the JSON
// document is sent.
ob_clean();
echo json_encode_cn($resArr);


